cicd-engineer

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

CI/CD Engineer

CI/CD工程师

When to Use

适用场景

Design or implement CI/CD for a skills monorepo (validate on PR, package on release)
Add or fix GitHub Actions workflows for skill folders, changed-path detection, and matrix validation
Wire skill-creator scripts (
```
quick_validate.py
```
,
```
package_skill.py
```
) into pipelines
Define quality gates: frontmatter, description length, reference layout, batch validate
Plan release and promotion for
```
.skill
```
artifacts (tags, environments, changelogs)
Document secrets, OIDC, and fork-safe PR checks for skill repos
Write rollback and change-management steps for a bad skill release
Produce runbooks for on-call during skill publish failures

为技能单体仓库设计或实现CI/CD（PR时验证，发布时打包）
为技能文件夹添加或修复GitHub Actions工作流，实现变更路径检测和矩阵验证
将skill-creator脚本（
```
quick_validate.py
```
、
```
package_skill.py
```
）接入流水线
定义质量门控：前置元数据、描述长度、参考布局、批量验证
规划
```
.skill
```
制品的发布与推广（标签、环境、变更日志）
为技能仓库编写密钥、OIDC以及分支安全PR检查的文档
为技能发布故障编写回滚和变更管理步骤
为技能发布失败时的值班人员制作操作手册

When NOT to Use

不适用场景

Application/service CI only (containers, K8s deploy, app test suites) without skill packaging →
```
devops
```
Pre-flight architecture or build go/no-go before execution →
```
build-validator
```
Internal developer platform, golden paths, Backstage, paved-road templates →
```
platform-engineer
```
SLI/SLO programs, error budgets, burn-rate alerting, PRR without pipeline work →
```
site-reliability-engineer
```
Skill catalog inventory, overlap dedup, deprecate/split governance without CI YAML →
```
ai-skill-manager
```
Security gates (SBOM, SAST policy, supply-chain signing) as the primary task →
```
devsecops
```
Author a single new skill from scratch (content only) → skill-creator /
```
init_skill.py
```

仅涉及应用/服务的CI/CD（容器、K8s部署、应用测试套件）且不包含技能打包 → 对应
```
devops
```
角色
执行前的预飞行架构或构建准入检查 → 对应
```
build-validator
```
角色
内部开发者平台、黄金路径、Backstage、标准化模板 → 对应
```
platform-engineer
```
角色
SLI/SLO项目、错误预算、 burn-rate告警、PRR且不涉及流水线工作 → 对应
```
site-reliability-engineer
```
角色
技能目录盘点、去重、弃用/拆分治理且不涉及CI YAML → 对应
```
ai-skill-manager
```
角色
以安全门控（SBOM、SAST策略、供应链签名）为主要任务 → 对应
```
devsecops
```
角色
从零开始编写单个新技能（仅内容）→ 对应skill-creator /
```
init_skill.py
```

Related skills

Need	Skill
General app CI/CD, GitOps, container delivery	`devops`
Go/no-go validation before major changes	`build-validator`
IDP, golden paths, developer portal	`platform-engineer`
SLOs, reliability metrics, incident reliability	`site-reliability-engineer`
Batch validate script, portfolio standards	`ai-skill-manager`
Pipeline and artifact security gates	`devsecops`
Release cutover tiers and change windows	`deployment-strategist`

需求	技能角色
通用应用CI/CD、GitOps、容器交付	`devops`
重大变更前的准入验证	`build-validator`
IDP、黄金路径、开发者门户	`platform-engineer`
SLO、可靠性指标、事件可靠性	`site-reliability-engineer`
批量验证脚本、组合标准	`ai-skill-manager`
流水线和制品安全门控	`devsecops`
发布切换层级和变更窗口	`deployment-strategist`

Core Workflows

核心工作流

1. Pipeline topology for skills repos

1. 技能仓库的流水线拓扑结构

Standard stage order:

checkout → detect changed skills → validate (quick_validate) → optional lint/scripts → package on release tag → publish artifact → notify

Checklist:

Pipeline as code under
```
.github/workflows/
```
; versioned with repo
PR jobs run on changed skill directories only when possible
```
quick_validate.py
```
gates merge; fail closed on invalid frontmatter
Release job runs
```
package_skill.py
```
only after validation passes
Artifacts immutable (tag + commit SHA in name or metadata)
Manual or environment approval before org-wide distribution

See
references/pipeline_design_and_workflow.md
.

标准阶段顺序：

checkout → 检测变更的技能 → 验证（quick_validate）→ 可选的代码检查/脚本 → 发布标签触发打包 → 发布制品 → 通知

检查清单：

流水线即代码存储在
```
.github/workflows/
```
下；与仓库版本同步
PR任务尽可能仅在变更的技能目录上运行
```
quick_validate.py
```
作为合并门控；元数据无效时阻止合并
发布任务仅在验证通过后运行
```
package_skill.py
```
制品不可变（名称或元数据中包含标签+提交SHA）
全组织分发前需手动或环境审批

参考文档：
references/pipeline_design_and_workflow.md

2. GitHub Actions implementation

2. GitHub Actions 实现

Use

paths

paths-filter

for

**/SKILL.md

and

references/**

Matrix or loop per changed skill directory
Cache nothing sensitive; use
```
GITHUB_TOKEN
```
with least scope
Fork PRs: read-only checks; no secrets on
```
pull_request_target
```
without hardening
Reusable workflow (
```
workflow_call
```
) for validate + package jobs

See
references/github_actions_and_build.md
.

使用

paths

paths-filter

监听

**/SKILL.md

和

references/**

针对每个变更的技能目录使用矩阵或循环
不缓存敏感内容；使用最小权限的
```
GITHUB_TOKEN
```
分支PR：仅做只读检查；未加固时
```
pull_request_target
```
不使用密钥
可复用工作流（
```
workflow_call
```
）用于验证+打包任务

参考文档：
references/github_actions_and_build.md

3. Testing and quality gates

3. 测试与质量门控

Gate	Tool / check
Structure + YAML	`quick_validate.py`
Batch regression	`ai-skill-manager/scripts/validate_all_skills.sh`
Description triggers	Human review + grep for duplicate keywords
Scripts in skill dirs	Lint + no network exfil patterns

See
references/testing_gates_and_quality.md
.

门控	工具/检查方式
结构 + YAML	`quick_validate.py`
批量回归	`ai-skill-manager/scripts/validate_all_skills.sh`
描述触发规则	人工审核 + 关键词重复检查
技能目录中的脚本	代码检查 + 无网络数据泄露模式

参考文档：
references/testing_gates_and_quality.md

4. Skill validation and packaging CI

4. 技能验证与打包CI

bash

python3 ~/.claude/skills/skill-creator/scripts/quick_validate.py path/to/skill-dir
python3 ~/.claude/skills/skill-creator/scripts/package_skill.py path/to/skill-dir ./dist

PR: validate changed skills only
Release: package validated skills; attach
```
.skill
```
to GitHub Release or internal registry
Do not package every skill on every PR unless releasing a bundle

See
references/skill_validation_and_packaging_ci.md
.

bash

python3 ~/.claude/skills/skill-creator/scripts/quick_validate.py path/to/skill-dir
python3 ~/.claude/skills/skill-creator/scripts/package_skill.py path/to/skill-dir ./dist

PR：仅验证变更的技能
发布：打包已验证的技能；将
```
.skill
```
附加到GitHub Release或内部注册表
除非发布捆绑包，否则不要在每次PR时打包所有技能

参考文档：
references/skill_validation_and_packaging_ci.md

5. Deployment, promotion, and operations

5. 部署、推广与运维

Dev/staging: auto-validate on PR merge to main
Release: tag
```
skill-v*
```
or calendar version; package and publish
Promotion: copy artifacts to consumer paths (plugin cache, internal registry) with checksum
Rollback: re-publish previous tag artifacts; document superseded skill
```
description
```
if needed
Runbook: who approves, how to verify install, comms for broken bundle

See
references/deployment_promotion_and_operations.md
.

开发/预发布环境：PR合并到主分支时自动验证
发布：标记
```
skill-v*
```
或日历版本；打包并发布
推广：将制品复制到消费路径（插件缓存、内部注册表）并附带校验和
回滚：重新发布之前版本的制品；必要时记录被替代技能的
```
description
```
操作手册：审批人、安装验证方式、故障捆绑包的沟通流程

参考文档：
references/deployment_promotion_and_operations.md

6. Scope and boundaries

6. 范围与边界

Confirm the ask is skills-repo CI/CD, not generic platform ops. Load

references/cicd_engineer_scope.md

when routing or scoping engagements.

确认需求是技能仓库CI/CD，而非通用平台运维。在路由或界定工作范围时加载

references/cicd_engineer_scope.md

。

When to load references

何时加载参考文档

Topic	Reference
Role boundaries and triggers	`references/cicd_engineer_scope.md`
Pipeline stages, branching, artifacts	`references/pipeline_design_and_workflow.md`
GitHub Actions patterns	`references/github_actions_and_build.md`
Gates, batch validate, PR policy	`references/testing_gates_and_quality.md`
quick_validate / package_skill in CI	`references/skill_validation_and_packaging_ci.md`
Release, promotion, rollback, runbooks	`references/deployment_promotion_and_operations.md`

主题	参考文档
角色边界与触发条件	`references/cicd_engineer_scope.md`
流水线阶段、分支策略、制品	`references/pipeline_design_and_workflow.md`
GitHub Actions 模式	`references/github_actions_and_build.md`
门控、批量验证、PR策略	`references/testing_gates_and_quality.md`
CI中的quick_validate / package_skill	`references/skill_validation_and_packaging_ci.md`
发布、推广、回滚、操作手册	`references/deployment_promotion_and_operations.md`